Question No.221

A host attached toEthernet 1/4 cannot ping the default gateway. The widget on the dashboard shows Ethernet 1/1 and Ethernet 1/4 to be green. The IP address of Ethernet 1/1 is 192.168.1.7 and the IP address of Ethernet 1/4 is 10.1.1.7. The default gateway is attached to Ethernet 1/1. A default route is properly configured. What can be the cause of this problem?

No Zone has been configured on Ethernet 1/4.

Interface Ethernet 1/1 is in Virtual Wire Mode.

DNS has not been properly configured on the firewall.

DNS has not been properly configured on the host.

Correct Answer: A

Question No.222

Which CLI command displays the current management plan memory utilization?

Question No.224

A network security engineer is asked to perform a Return Merchandise Authorization (RMA) on a firewall. Which part of files needs to be imported back into the replacement firewall that is using Panorama?

Device state and license files

Configuration and serial number files

Configuration and statistics files

Configuration and Large Scale VPN (LSVPN) setups file

Correct Answer: A

Question No.225

Which two statements are correct for the out-of-box configuration for Palo Alto Networks NGFWs? (Choose two)

The devices are pre-configured with a virtual wire pair out the first two interfaces.

The devices are licensed and ready for deployment.

The management interface has an IP address of 192.168.1.1 and allows SSH and HTTPS connections.

A default bidirectional rule is configured that allows Untrust zone traffic to go to the Trust zone.

The interface are pingable.

Correct Answer: BC

Question No.226

A firewall administrator is troubleshooting problems with traffic passing through the Palo Alto Networks firewall. Which method shows the global counters associated with the traffic after configuring the appropriate packet filters?

From the CLI, issue the show counter global filter pcap yes command.

From the CLI, issue the show counter global filter packet-filteryes command.

From the GUI, select show global counters under the monitor tab.

From the CLI, issue the show counter interface command for the ingress interface.

Correct Answer: B

Question No.227

Which authentication source requires the installation of Palo Alto Networks software, other than PAN-OS 7x, to obtain a username-to-IP-address mapping?

Microsoft Active Directory

Microsoft Terminal Services

Aerohive Wireless Access Point

Palo Alto Networks Captive Portal

Correct Answer: B

Question No.228

A company has a policy that denies all applications it classifies as bad and permits only application it classifies as good. The firewall administrator created the following security policy on the company#39;s firewall.

Which two benefits are gained from having both rule 2 and rule 3 presents? (Choose two)

A report can be created thatidentifies unclassified traffic on the network.

Different security profiles can be applied to traffic matching rules 2 and 3.

Rule 2 and 3 apply to traffic on different ports.

Separate Log Forwarding profiles can be applied to rules 2 and 3.

Correct Answer: BD

Question No.229

Which three options are available when creating a security profile? (Choose three)

Anti-Malware

File Blocking

Url Filtering

IDS/ISP

Threat Prevention

Antivirus

Correct Answer: ABF

Question No.230

How is the Forward Untrust Certificate used?

It issues certificates encountered on the Untrust security zone when clients attempt to connect to asite that has be decrypted.

It is used when web servers request a client certificate.

It is presented to clients when the server they are connecting to is signed by a certificate authority that is not trusted by firewall.